AFS for Macintosh OS X

How to setup AFS for OS X

Installing and setting up openAFS on OS X is pretty straightforward. You need to install openAFS, configure it for our cell (also also campus’s cell), and then install and configure kerberos.

Install OpenAFS

First, download the openAFS package, generally the one you want is the Maintenance Release, as that is considered the most stable version. Run the installer. Then open and check the following:

  1. Change directories to /var/db/openafs/etc
    cd /var/db/openafs/etc
  2. Use vi or pico to open the ThisCell file. This file should contain only one line, with
    sudo vi ThisCell
  3. Copy the CellServDB file to CellServDB.orig
    sudo cp ./CellServDB ./CellServDB.orig
  4. Use vi or pico to make a new CellServDB file
    sudo vi CellServDB
  5. Put the following in the CellServDB file
    > # University of North Carolina Project Isis
    >     #Cell name
  6. Save the file and reboot. You should have an AFS running and be able to access the cell

Install Kerberos extras

In spring of 2011, we took down the older kaserver, so the old method of authenticating via klog no longer works. Instead, we authenticate against our CSX.UNC.EDU kerberos realm, and once we have a ticket from there, we use aklog to get access to AFS based on that ticket. OS X comes with kerberos, but MIT provides an addon package, Kerberos Extras, that extends the basic functionality. The configuration file for kerberos is /Library/Preferences/, and that needs to be edited to include information about our kerberos servers and those of campus. To simplify this, bil put together a small installer that will install the kerberos extras, configure the file, and copy a script named afs to /usr/local/bin (if it exists) or /usr/bin.

  1. Download the file
  2. Double click on it to unpack it.
  3. Open a Terminal window, and cd into the klog_replacement directory (you can drag the folder into the terminal window to copy that path into terminal, so type “cd[space]”, then drag the folder).
  4. Run the installer
  5. sudo ./

At this point, you should see the kerberos extras install. Once it’s complete, you should be able to type “afs” in a terminal window and be prompted for your CS password. If everything works as expected, you’ll get a ticket in the kerberos realm and a token.